Biblio

Current cryptographic solutions used in information technologies today like Transport Layer Security utilize algorithms with underlying computationally difficult problems to solve. With the ongoing research and development of quantum computers, these same computationally difficult problems become solvable within reasonable (polynomial) time. The emergence of large-scale quantum computers would put the integrity and confidentiality of today’s data in jeopardy. It then becomes urgent to develop, implement, and test a new suite of cybersecurity measures against attacks from a quantum computer. This paper explores, understands, and evaluates this new category of cryptosystems as well as the many tradeoffs among them. All the algorithms submitted to the National Institute of Standards and Technology (NIST) for standardization can be categorized into three major categories, each relating to the new underlying hard problem: namely error code correcting, algebraic lattices (including ring learning with errors), and supersingular isogenies. These new mathematical hard problems have shown to be resistant to the same type of quantum attack. Utilizing hardware clock cycle registers, the work sets up the benchmarks of the four Round 3 NIST algorithms in two environments: cloud computing and embedded system. As expected, there are many tradeoffs and advantages in each algorithm for applications. Saber and Kyber are exceedingly fast but have larger ciphertext size for transmission over a wire. McEliece key size and key generation are the largest drawbacks but having the smallest ciphertext size and only slightly decreased performance allow a use case where key reuse is prioritized. NTRU finds a middle ground in these tradeoffs, being better than McEliece performance wise and better than Kyber and Saber in ciphertext size allows for a use case of highly varied environments, which need to value speed and ciphertext size equally. Going forward, the benchmarking system developed could be applied to digital signature, another vital aspect to a cryptosystem.

In order to protect user privacy and provide better access control in Internet of Things (IoT) environments, designing an appropriate two-party authentication and key exchange protocol is a prominent challenge. In this paper, we propose a lightweight certificateless non-interactive authentication and key exchange (CNAKE) protocol for mutual authentication between remote users and smart devices. Based on elliptic curves, our lightweight protocol provides high security performance, realizes non-interactive authentication between the two entities, and effectively reduces communication overhead. Under the random oracle model, the proposed protocol is provably secure based on the Computational Diffie-Hellman and Bilinear Diffie-Hellman hardness assumption. Finally, through a series of experiments and comprehensive performance analysis, we demonstrate that our scheme is fast and secure.

On the Internet, trust is difficult to obtain. With the rise of the possibility of obtaining gratis x509 certificates in an automated fashion, the use of TLS for establishing secure connections has significantly increased. However, other use cases, such as end-to-end encrypted messaging, do not yet have an easy method of managing trust in the public keys. This is particularly true for personal communication where two people want to securely exchange messages. While centralised solutions, such as Signal, exist, decentralised and federated protocols lack a way of conveniently and securely exchanging personal certificates. This paper presents a protocol and an implementation for certifying OpenPGP certificates. By offering multiple means of data transport protocols, it achieves robust and resilient certificate exchange between an attestee, the party whose key certificate is to be certified, and an attestor, the party who will express trust in the certificate once seen. The data can be transferred either via the Internet or via proximity-based technologies, i.e. Bluetooth or link-local networking. The former presents a challenge when the parties interested in exchanging certificates are not physically close, because an attacker may tamper with the connection. Our evaluation shows that a passive attacker learns nothing except the publicly visible metadata, e.g. the timings of the transfer while an active attacker can either have success with a very low probability or be detected by the user.

This study offers an alternative to current implementations of key exchange by utilizing NFC technologies within android mobile devices. Supporting key exchange protocols along with cryptographic algorithms are offered, which meet current security standards whilst maintaining a short key length for optimal transfer between devices. Peer-to-peer and Host Card Emulation operational modes are observed to determine the best suited approach for key exchange. The proposed model offers end to end encryption between Client-Client as opposed to the usual Client-Server encryption offered by most Instant Messaging applications.

In this paper, we propose an efficient and secure physically unclonable function based multi-factor authenticated key exchange (PUF-MAKE). In a PUF-MAKE setting, we suppose two participants; a user and a server. The user keeps multi-factor authenticators and securely holds a PUF-embedded device while the server maintains PUF outputs for authentication. We first study on how to efficiently construct a PUF-MAKE protocol. The main difficulty comes from that it should establish a common key from both multi-factor authenticators and a PUF-embedded device. Our construction is the first secure PUF-MAKE protocol that just needs three communication flows.

Modern automotive Cyber-Physical Systems (CPS) are increasingly adopting wireless communications for Intra-Vehicular, Vehicle-to-Vehicle (V2V), and Vehicle-to-Infrastructure (V2I) protocols as a promising solution for challenges such as the wire harnessing problem, collision detection, and collision avoidance, traffic control, and environmental hazards. Regrettably, this new trend results in new security challenges that can put the safety and privacy of the automotive CPS and passengers at great risk. In addition, automotive wireless communication security is constrained by strict energy and performance limitations of electronic controller units and sensors. As a result, the key generation and management for secure automotive CPS wireless communication is an open research challenge. This article aims to help solve these security challenges by presenting a practical key generation technique based on the reciprocity and high spatial and temporal variation properties of the automotive wireless communication channel. Accompanying this technique is also a key length optimization algorithm to improve performance (in terms of time and energy) for safety-related applications constrained by small communication windows. To validate the practicality and effectiveness of our approach, we have conducted simulations alongside real-world experiments with vehicles and RC cars. Last, we demonstrate through simulations that we can generate keys with high security strength (keys with 67% min-entropy) with 20× reduction in code size overhead in comparison to the state-of-the-art security techniques.

A key exchange protocol is an important primitive in the field of information and network security and is used to exchange a common secret key among various parties. A number of key exchange protocols exist in the literature and most of them are based on the Diffie-Hellman (DH) problem. But, these DH type protocols cannot resist to the modern computing technologies like quantum computing, grid computing etc. Therefore, a more powerful non-DH type key exchange protocol is required which could resist the quantum and exponential attacks. In the year 2013, Lei and Liao, thus proposed a lattice-based key exchange protocol. Their protocol was related to the NTRU-ENCRYPT and NTRU-SIGN and so, was referred as NTRU-KE. In this paper, we identify that NTRU-KE lacks the authentication mechanism and suffers from the man-in-the-middle (MITM) attack. This attack may lead to the forging the authenticated users and exchanging the wrong key.

Mobile ad hoc networks (MANETs) play a significant role for communication whenever infrastructure is not available. In MANET, the group communication-based applications use the multicast routing protocol, where there is a single sender node and a group of receiver nodes. The benefits of multicast routing protocols are the capability to reduce the communication costs and saving the network resources by reproduction of the message over a shared network. The security is the main concern for multicast routing protocol in MANET, as it includes large number of participants. The security issues become more rigorous in a multicast communication due to its high variedness and routing difficulty. In this paper, we consider the internal attack, namely Multicast Announcement Packet Fabrication Attack on PUMA (Protocol for Unified Multicasting through Announcements). We proposed the security approach to detect the attacks as multicast activity-based overhearing technique, i.e., traffic analysis-based detection method with a unique key value. The performance analysis, shows an improved network performance of proposed approach over PUMA.

Attribute-based methods provide authorization to parties based on whether their set of attributes (e.g., age, organization, etc.) fulfills a policy. In attribute-based encryption (ABE), authorized parties can decrypt, and in attribute-based credentials (ABCs), authorized parties can authenticate themselves. In this paper, we combine elements of ABE and ABCs together with garbled circuits to construct attribute-based key exchange (ABKE). Our focus is on an interactive solution involving a client that holds a certificate (issued by an authority) vouching for that client's attributes and a server that holds a policy computable on such a set of attributes. The goal is for the server to establish a shared key with the client but only if the client's certified attributes satisfy the policy. Our solution enjoys strong privacy guarantees for both the client and the server, including attribute privacy and unlinkability of client sessions. Our main contribution is a construction of ABKE for arbitrary circuits with high (concrete) efficiency. Specifically, we support general policies expressible as boolean circuits computed on a set of attributes. Even for policies containing hundreds of thousands of gates the performance cost is dominated by two pairing computations per policy input. Put another way, for a similar cost to prior ABE/ABC solutions, which can only support small formulas efficiently, we can support vastly richer policies. We implemented our solution and report on its performance. For policies with 100,000 gates and 200 inputs over a realistic network, the server and client spend 957 ms and 176 ms on computation, respectively. When using offline preprocessing and batch signature verification, this drops to only 243 ms and 97 ms.

Attribute-based methods provide authorization to parties based on whether their set of attributes (e.g., age, organization, etc.) fulfills a policy. In attribute-based encryption (ABE), authorized parties can decrypt, and in attribute-based credentials (ABCs), authorized parties can authenticate themselves. In this paper, we combine elements of ABE and ABCs together with garbled circuits to construct attribute-based key exchange (ABKE). Our focus is on an interactive solution involving a client that holds a certificate (issued by an authority) vouching for that client's attributes and a server that holds a policy computable on such a set of attributes. The goal is for the server to establish a shared key with the client but only if the client's certified attributes satisfy the policy. Our solution enjoys strong privacy guarantees for both the client and the server, including attribute privacy and unlinkability of client sessions. Our main contribution is a construction of ABKE for arbitrary circuits with high (concrete) efficiency. Specifically, we support general policies expressible as boolean circuits computed on a set of attributes. Even for policies containing hundreds of thousands of gates the performance cost is dominated by two pairing computations per policy input. Put another way, for a similar cost to prior ABE/ABC solutions, which can only support small formulas efficiently, we can support vastly richer policies. We implemented our solution and report on its performance. For policies with 100,000 gates and 200 inputs over a realistic network, the server and client spend 957 ms and 176 ms on computation, respectively. When using offline preprocessing and batch signature verification, this drops to only 243 ms and 97 ms.

Funded under the European Union's Horizon 2020 research and innovation programme, SAFEcrypto will provide a new generation of practical, robust and physically secure post-quantum cryptographic solutions that ensure long-term security for future ICT systems, services and applications. The project will focus on the remarkably versatile field of Lattice-based cryptography as the source of computational hardness, and will deliver optimised public key security primitives for digital signatures and authentication, as well identity based encryption (IBE) and attribute based encryption (ABE). This will involve algorithmic and design optimisations, and implementations of lattice-based cryptographic schemes addressing cost, energy consumption, performance and physical robustness. As the National Institute of Standards and Technology (NIST) prepares for the transition to a post-quantum cryptographic suite B, urging organisations that build systems and infrastructures that require long-term security to consider this transition in architectural designs; the SAFEcrypto project will provide Proof-of-concept demonstrators of schemes for three practical real-world case studies with long-term security requirements, in the application areas of satellite communications, network security and cloud. The goal is to affirm Lattice-based cryptography as an effective replacement for traditional number-theoretic public-key cryptography, by demonstrating that it can address the needs of resource-constrained embedded applications, such as mobile and battery-operated devices, and of real-time high performance applications for cloud and network management infrastructures.

Lattice-based cryptography offers some of the most attractive primitives believed to be resistant to quantum computers. Following increasing interest from both companies and government agencies in building quantum computers, a number of works have proposed instantiations of practical post-quantum key exchange protocols based on hard problems in ideal lattices, mainly based on the Ring Learning With Errors (R-LWE) problem. While ideal lattices facilitate major efficiency and storage benefits over their non-ideal counterparts, the additional ring structure that enables these advantages also raises concerns about the assumed difficulty of the underlying problems. Thus, a question of significant interest to cryptographers, and especially to those currently placing bets on primitives that will withstand quantum adversaries, is how much of an advantage the additional ring structure actually gives in practice. Despite conventional wisdom that generic lattices might be too slow and unwieldy, we demonstrate that LWE-based key exchange is quite practical: our constant time implementation requires around 1.3ms computation time for each party; compared to the recent NewHope R-LWE scheme, communication sizes increase by a factor of 4.7x, but remain under 12 KiB in each direction. Our protocol is competitive when used for serving web pages over TLS; when partnered with ECDSA signatures, latencies increase by less than a factor of 1.6x, and (even under heavy load) server throughput only decreases by factors of 1.5x and 1.2x when serving typical 1 KiB and 100 KiB pages, respectively. To achieve these practical results, our protocol takes advantage of several innovations. These include techniques to optimize communication bandwidth, dynamic generation of public parameters (which also offers additional security against backdoors), carefully chosen error distributions, and tight security parameters.

A two-server password-based authentication (2PA) protocol is a special kind of authentication primitive that provides additional protection for the user's password. Through a 2PA protocol, a user can distribute his low-entropy password between two authentication servers in the initialization phase and authenticate himself merely via a matching password in the login phase. No single server can learn any information about the user's password, nor impersonate the legitimate user to authenticate to the honest server. In this paper, we first formulate and realize the security definition of two-server password-based authentication in the well-known universal composability (UC) framework, which thus provides desirable properties such as composable security. We show that our construction is suitable for the asymmetric communication model in which one server acts as the front-end server interacting directly with the user and the other stays backstage. Then, we show that our protocol could be easily extended to more complicate password-based cryptographic protocols such as two-server password-authenticated key exchange (2PAKE) and two-server password-authenticated secret sharing (2PASS), which enjoy stronger security guarantees and better efficiency performances in comparison with the existing schemes.

Identity concealment and zero-round trip time (0-RTT) connection are two of current research focuses in the design and analysis of secure transport protocols, like TLS1.3 and Google's QUIC, in the client-server setting. In this work, we introduce a new primitive for identity-concealed authenticated encryption in the public-key setting, referred to as higncryption, which can be viewed as a novel monolithic integration of public-key encryption, digital signature, and identity concealment. We then present the security definitional framework for higncryption, and a conceptually simple (yet carefully designed) protocol construction. As a new primitive, higncryption can have many applications. In this work, we focus on its applications to 0-RTT authentication, showing higncryption is well suitable to and compatible with QUIC and OPTLS, and on its applications to identity-concealed authenticated key exchange (CAKE) and unilateral CAKE (UCAKE). Of independent interest is a new concise security definitional framework for CAKE and UCAKE proposed in this work, which unifies the traditional BR and (post-ID) frameworks, enjoys composability, and ensures very strong security guarantee. Along the way, we make a systematically comparative study with related protocols and mechanisms including Zheng's signcryption, one-pass HMQV, QUIC, TLS1.3 and OPTLS, most of which are widely standardized or in use.

To resolve the more and more serious problems of sensitive data leakage from Android systems, a kind of method of data protection on encryption storage and encryption transmission is presented in this paper by adopting secure computation environment of SDKEY device. Firstly, a dual-authentication scheme for login using SDKEY and PIN is designed. It is used for login on system boot and lock screen. Secondly, an approach on SDKEY-based transparent encryption storage for different kinds of data files is presented, and a more fine-grained encryption scheme for different file types is proposed. Finally, a method of encryption transmission between Android phones is presented, and two kinds of key exchange mechanisms are designed for next encryption and decryption operation in the following. One is a zero-key exchange and another is a public key exchange. In this paper, a prototype system based on the above solution has been developed, and its security and performance are both analyzed and verified from several aspects.